Emeterai Privacy Policy

  

Emeterai issues Electronic Certificates, which are obtained and used by individuals to authenticate their identity to others, sign documents using electronic signature, and/or to encrypt sensitive data so they can be transmitted over the Internet. 

Subscribers declare that they have read, understood and agreed to the Provisions of Emeterai Privacy Policy. 

The provisions in this Subscribers Privacy Policy can be amended or updated in whole or in part from time to time without prior notification to the Subscribers, and the amendment comes into effect since its publication on the Site. Subscribers to Emeterai Services are advised to check the Site periodically to be aware of any changes in the provisions from time to time. 

By resuming access to Emeterai Accounts or continuing the usage of Emeterai Services, Subscribers agree with the amendments to the Provisions in this Privacy Policy. In the event that Subscribers do not agree with the amendments, Subscribers should immediately notify Emeterai to terminate their Emeterai Accounts. 

This Emeterai Privacy Policy is an inseparable part of and is related to the Emeterai electronic certificate Ownership / Subscriber Agreement document; thus, Subscribers to Emeterai Accounts accept, agree, and acknowledge that the Subscribers have read and understood all of the contents of the document. If there is a difference in writing the terms, then Emeterai Privacy Policy and electronic certificate ownership / Subscriber Agreement documents have the same meaning. 

  

A. Definition

All capitalized words herein have the following meanings:

  

1. “Emeterai Account” is an alphanumeric code issued by Emeterai, and the code can be associated to a unique username which can identify the subscriber in using Emeterai Services.

  

2. “Electronic Document” is any electronic information which includes but is not limited to electronic contracts which are made, forwarded, sent, received, or stored in electronic form.

  

3. “Electronic Information” is a single or a group of electronic data which include but are not limited to written data, audio data, pictures, maps, designs, photographs, electronic data interchange (EDI), e-mails, telegrams, telex, telecopies and the like, letters, signs, numbers, access codes, symbols, or perforations which has been processed to obtain meanings or to be understood by the people who can comprehend them. 

  

4. “Emeterai Services” are the services to issue Electronic Certificates and create Emeterai Electronic Signatures and/or other Emeterai services as stated by Emeterai from time to time through Emeterai Site or Application. 

  

5. “Subscribers ” means private individuals, associations, firms, companies, legal entities, institutions or organizations that use Emeterai Services. 

  

6. “Emeterai Application” refers to Emeterai Services in the form of mobile apps. 

  

7. “Electronic Certificate” is a certificate issued by Emeterai electronically and containing the Electronic Signatures and identities which identify the legal subjects or all parties involved in an electronic transaction. 

  

8. “Site” refers to https://emeterai.com. 

  

9. “Service Policy and Practice Documents” refer to Certificate Policy, Certificate Practice Statement, Emeterai Privacy Policy, and other policy documents which inform the policies and practices of Emeterai Services, as regulated in Root CA Indonesia and the applicable laws and regulations. 

  

10. “Subscriber Agreement” means the terms and conditions which bind the Owners of Emeterai Accounts, as the Subscribers to Emeterai Services. 

  

11. “Relying Parties” are associations, firms, companies, legal entities, institutions or organizations that rely on Emeterai Services. 

  

12. “Electronic Signatures” are signatures which consist of Electronic Information which has been affixed, associated, or related to other Electronic Information which is used as a verification and authentication which is created by using Emeterai Services. 

  

B.  Compliance

Emeterai adheres to and complies with the applicable laws and regulations in providing its services as an Electronic Certificate Authority which is responsible for the use of personal data, their management, and their storing processes as regulated in: 

  

a. Law No. 11 of 2008 on Electronic Information and Transactions;

b. Government Regulation No. 71 of 2019 on the Organization of Electronic Systems and Transactions;

c. Regulation of Minister of Communication and Informatics No. 11 of 2018 on the Organization of Electronic Certificates;

d. Regulation of Minister of Communication and Informatics No. 20 of 2016 on the Personal Data Protection on Electronic System

e. CP / CPS Root CA Indonesia.

  

C.  Personal Data

  

1. Collection of Personal Data

Emeterai collects and processes the Subscribers personal data when the Subscribers submit applications for Emeterai Electronic Certificates, and Emeterai obtains the personal data directly from the Subscribers, Emeterai will verify the personal data and compare them with the data sent by the Subscribers to the data Registration Authority that has partnered with us. In the Event of the Electronic Certificate application process stops, Emeterai will not store the Subscribers' personal data. 

  

2. The Obtained Personal Data

The data required when the Subscribers apply for the issuance of Emeterai Electronic Certificates are: 

a. National Identity Number in E-KTP for Indonesian citizens

b. Passport or KITAS / KITAP Numbers for foreign citizens

c. Full Name

d. Place and date of birth

e. Gender

f. Email Address

g. Mobile phone number

h. Self-portrait photograph

3. Personal Data Storage

Emeterai stores Subscribers personal data and protects them from loss, misuse or improper disclosure, in accordance with Information Security Management System practices. This storage is maintained for as long as the Subscribers Certificates are still valid, and complies with the data retention period specified in Emeterai CP and CPS documents. Actions taken by Emeterai include: 

a. Emeterai takes security and storage measures with great care in order to protect the confidentiality of the Subscribers' personal data from time to time;

b. Emeterai guarantees that any data uploaded and sent by the Subscribers to the Emeterai Services are stored securely and sent confidentially using information security standards;

c. Emeterai guarantees to protect the Subscribers' Private Key storage area safely with a high level of escrowed security, namely Subscribers' Private Keys can only be accessed by the Subscribers, using two-factor authentication;

d. Emeterai will notify the Subscribers in the event that there is a failure to protect the confidentiality of the Subscribers' personal data in the Emeterai electronic system under the provisions of the applicable laws and regulations; and

  

e. Emeterai guarantees that only the Subscribers and other parties who are given permission by the Subscribers to access the electronic documents can view the documents that the Subscribers upload through their Emeterai Accounts to Emeterai Services.

 

4. Personal Data Protection Mechanisms

a. All access to personal data is verified to maintain the confidentiality of the personal data.

b. Emeterai has no right to modify Subscribers' personal data unless there is a request from the legitimate owners of the data.

c. Personal Data Information is stored and processed at processing facilities located in the Indonesian territory of Indonesia and secured under the provisions of applicable laws and regulations.

d. Emeterai protects personal data storage activities to prevent a personal data leak in DC and DRC.

e. Emeterai retains personal data during the retention period

f. Emeterai processes and records activities related to the storage, transfer and deletion of personal data that occurs.

 

5. Pengungkapan Data Pribadi / Disclosure of Personal Data

Emeterai can use or disclose the Subscribers personal data to parties authorized by laws and regulations in order to comply with the provisions of laws and regulations for law enforcement processes or for taking further preventive action in connection with unauthorized activities, suspected criminal acts, or violations of the laws or regulations. Pertaining to the use or disclosure, the Subscribers release Emeterai from all claims, charges, and compensation that may result from the use or disclosure. 

In Order to provide Emeterai services, Emeterai shall be able to disclose and share the Subscribers Personal Data to a third party provided that the Subscribers have given their consent to such disclosure and sharing. Consent refers to Article B - Compliance and Point 7 - The consent to use personal data in this Privacy Policy. Emeterai will only disclose and share the Subscribers Personal Data only when it is necessary to provide our services to the Subscribers. 

Some Personal Data that Emeterai maintain may be shared on occasion with service providers, such as payment service providers, regulators, external experts (auditors, attorneys, other consultants that Emeterai hire to assist in performing functions necessary to operate our business). If Emeterai make a disclosure of this type, the Personal Data recipient must agree to:  

a. View the Personal Data only on Emeterai premises and not remove it, except as necessary to provide the services to Emeterai;

b. Use it only for the purposes and interests that have been previously established; and

c. Return it to Emeterai employees or destroy it as soon as the need for the Personal Data expires.

  

6. Deletion of Personal Data

The deletion of the Subscribers personal data is conducted by termination of the Emeterai account access and terminating the Emeterai Services. Personal Data stored by Emeterai have a retention period of 5 (five) years under the provisions stipulated in Emeterai CP / CPS. 

 

7. The Consent to Use Personal Data

a. The Subscribers hereby declares that they have given explicit permission to Emeterai prior to the Electronic Certificate issuance process.

b. The usage of Emeterai Account and Emeterai Services, the Subscribers agree to comply with all applicable laws and regulations in Indonesia.

  

8. Contact and Notification

Every notification from Emeterai addressed to the Subscribers will be notified through Emeterai apps, the Subscriber's account dashboard, e-mail, or Short Message Service (SMS) sent to the Subscribers registered with the Emeterai Account.

Every notification from the Subscribers to Emeterai becomes effective when the notification is received by Emeterai via e-mail: cs@emeterai.com and/or the physical documents can be sent to PT Datanet Indomedia, Jl. Kramat Raya no. 140, Central Jakarta, 10430.

  

D.  Others

This policy is made in 2 languages, namely Indonesian and English. If there is a difference in interpretation between the Indonesian text and the English text, the Indonesian text will prevail.